Managed ‘Russian ransomware’ as a service spotted in the wild

By Dancho Danchev

In 2013, you no longer need to possess sophisticated programming skills to manage a ransomware botnet, potentially tricking tens of thousands of gullible users per day into initiating a micro-payment to pay the ransom for having their PC locked down. You’ve got managed ransomware services doing it for you.

In this post I’ll profile a recently spotted underground market proposition detailing the success story of a ransomware botnet master that’s been in business for over 4 years, claiming to be earning over five hundred thousand rubles per month.

More details:

What he offers are two packages of his ransomware release. The first package includes the actual source code (in Delphi), as well as detailed instructions on using and modifying it. The price is $100. The second package, however, includes the option of directing live traffic to the landing pages of his customers, in an attempt to efficiently convert that traffic into ransomware-infected hosts. It also includes the source code of the ransomware, managed crypting of the actual binaries, money laundering tips for the fraudulently obtained funds, as well as instructions on how to actually ‘cash out’ the money through an ATM. The price for the second package is $500.

Sample screenshot of the actual ransomware:

Sample screenshot of the source code offered as a proof for its possession:

Sample screenshot of the cybercriminal’s statement from his bank, proving that his fraudulent campaigns are actually generating him tons of money:

We’ll continue monitoring the development of this service, and post updates as soon as new developments emerge.